PT-2024-20529 · Typo3 Cms+1 · Typo3/Cms+1

Derhansen · Published 2024-02-13 · Updated 2024-10-18 · CVE-2024-24751

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

sf event mgt versions prior to 7.4.0

Description

The existing access control check for events in the backend module of sf event mgt, an event management and registration extension for the TYPO3 CMS, got broken during the update to TYPO3 12.4. This occurred because the RedirectResponse from the $this->redirect() function was never handled.

Recommendations

For versions prior to 7.4.0, upgrade to version 7.4.0 to address the issue. As a temporary workaround, consider disabling the $this->redirect() function in the affected backend module until the upgrade is applied. Restrict access to the backend module to minimize the risk of exploitation.
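
The failure mode named in the description, as an added PHP example that is not code from sf event mgt or TYPO3: a denied access check calls redirect(), but the returned response is dropped, so the action keeps running. All classes and data are constructed stand-ins, and the example assumes redirect() only builds a response object and does not stop the action by itself.

```php
<?php
declare(strict_types=1);

// Constructed stand-ins; not TYPO3 or sf event mgt classes.
final class RedirectResponse { public function __construct(public string $target) {} }
final class HtmlResponse { public function __construct(public string $body) {} }

abstract class BackendController
{
    // Assumption: redirect() only builds a response and does not halt the action.
    protected function redirect(string $action): RedirectResponse
    {
        return new RedirectResponse($action);
    }

    // Hypothetical check: the user may only see events stored on allowed pages.
    protected function hasAccess(array $user, array $event): bool
    {
        return in_array($event['pid'], $user['allowedPages'], true);
    }
}

final class BrokenController extends BackendController
{
    public function showAction(array $user, array $event): RedirectResponse|HtmlResponse
    {
        if (!$this->hasAccess($user, $event)) {
            $this->redirect('list'); // response discarded, execution falls through
        }
        return new HtmlResponse('Registrations for ' . $event['title']);
    }
}

final class FixedController extends BackendController
{
    public function showAction(array $user, array $event): RedirectResponse|HtmlResponse
    {
        if (!$this->hasAccess($user, $event)) {
            return $this->redirect('list'); // response returned, action ends here
        }
        return new HtmlResponse('Registrations for ' . $event['title']);
    }
}

// Constructed sample data: the user has no access to page 20.
$user = ['allowedPages' => [10]];
$event = ['pid' => 20, 'title' => 'Internal workshop'];
echo get_class((new BrokenController())->showAction($user, $event)), PHP_EOL;
echo get_class((new FixedController())->showAction($user, $event)), PHP_EOL;
```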

Exploit

Fix

Incorrect Authorization

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2024-24751
GHSA-4576-PGH2-G34J

Affected Products

Typo3/Cms
Sf Event Mgt